Sure, but using inline requires a machine in bridge or router mode. In router mode you make all traffic go through an iptables QUEUE target. If neither bridge nor router mode is feasible and you can't add another machine, then the only thing I can think of is trying to use virtualization: have the VM guest be the other end of the bridge and host the services (or maybe the other way around: have a VM guest with two network cards play snort-inline). I don't know if that will work, be secure or performant enough, and I can't judge if the overhead of running a complete OS for it is ludicrous to start with.
* If you don't need Snort in inline mode then maybe adding some third party app to trigger blocking traffic by managing iptables rules (anything newer than Guardian?) could do?
Last edited by unSpawn; 06-14-2009 at 05:43 AM.
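As an added illustration of the second option above (a Guardian-style responder that turns Snort alerts into iptables rules), here is example code written for this page, not taken from Guardian or from the thread; it assumes Snort's "fast" alert log format and uses constructed sample alerts and a constructed never-block list.

```python
import re
import ipaddress

# Constructed sample of Snort "fast" alert lines (not real alerts).
SAMPLE_ALERTS = """\
06/14-05:43:01.000001  [**] [1:1000001:1] TEST scan probe [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22
06/14-05:43:02.000002  [**] [1:1000002:1] TEST gateway noise [**] [Priority: 1] {UDP} 192.168.1.1:53 -> 192.0.2.10:41000
06/14-05:43:03.000003  [**] [1:1000001:1] TEST scan probe [**] [Priority: 2] {TCP} 203.0.113.7:51235 -> 192.0.2.10:23
06/14-05:43:04.000004  [**] [1:1000003:1] TEST low prio [**] [Priority: 4] {TCP} 198.51.100.9:1111 -> 192.0.2.10:80
"""

ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+"
)

# Addresses that must never be blocked, whatever Snort says: the local
# gateway, DNS, management hosts. Without this list a packet with a spoofed
# source can make the responder cut the box off from its own infrastructure.
# (Constructed example ranges.)
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]

def parse_alerts(text):
    """Yield (priority, source_ip) for each parseable fast-format line."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield int(m.group("prio")), m.group("src")

def block_rules(text, max_priority=2):
    """Return the iptables commands a Guardian-style responder would run.

    Only alerts with priority <= max_priority (1 is most severe) produce a
    rule, never-block sources are skipped, and each source is blocked once.
    Commands are returned rather than executed so they can be reviewed first.
    """
    rules = []
    seen = set()
    for prio, src in parse_alerts(text):
        if prio > max_priority or src in seen:
            continue
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_BLOCK):
            continue
        seen.add(src)
        rules.append(f"iptables -I INPUT -s {src} -j DROP")
    return rules

if __name__ == "__main__":
    for rule in block_rules(SAMPLE_ALERTS):
        print(rule)
```

On a gateway box the rule would go into the FORWARD chain instead of INPUT, and a real responder should also expire its rules so a one-off alert does not block a source forever.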